1. Field of the Invention
The present invention relates to a login administration method and a server which achieve remote login from an administrator terminal or the like to a terminal which is present on a network via the server through an authentication process using user biometric information such as fingerprints, and particularly relates to a login administration method and a server for subjecting a plurality of terminals to login processes at the same time.
2. Description of the Related Arts
Conventionally, in a computer network system, a wide area network is built not only by connecting a large number of personal computers or workstations on a network, but also by connecting networks, WANs, etc. which are placed at geographically distant locations outside the same building or facility. When distributed administration is performed for such a computer network system, it is difficult to determine where a failure has occurred, and operational costs are high; therefore, centralized administration utilizing SNMP (Simple Network Management Protocol), which is installed in many network devices, is performed. Administration items of network administration can be generally divided into, for example, constitution administration, in which the state of the devices constituting a network is monitored and their operation is controlled; performance administration, in which the performance of the devices constituting the network is measured; secret administration, in which use of the information, devices, and other resources in the network is restricted so that the resources are used correctly; and billing administration, in which the usage state of the resources in the network is recorded for each user. By acquiring such administration items from the network, a network administrator can always grasp the latest network configuration and can appropriately carry out network administration services such as checking that unauthorized packets are not being transmitted by monitoring the traffic state of the devices, finding unauthorized users from access records so as to prevent intrusion, and grasping the resource utilization state of users so as to advise them about appropriate resource utilization.
Furthermore, as a method by which a network administrator remotely connects to and administers network devices, the devices are sometimes arranged so that a remote connection from an administrator terminal can be established by using the TCP/IP Telnet protocol; when the network devices are to be subjected to maintenance, the required operations are performed by logging in remotely from the administrator terminal to the network devices.
FIG. 1 is an example of a conventional computer network system, wherein an administrator terminal 102 and terminals 104-1 to 104-4 serving as network devices to be administered are connected to a network 100 such as Ethernet. In a conventional login process, when login is requested from the administrator terminal 102 serving as a login origin to, for example, the terminal 104-1 serving as a login destination, a login prompt is sent back from the terminal 104-1 to the administrator terminal 102, and a shared account and a shared password held by the administrator are then transmitted to the terminal 104-1. The terminal 104-1 of the login destination searches an authentication table by using the pair of the received shared account and shared password as an entry; when a matching entry is found, the terminal determines that authentication has succeeded, performs a login process, grants the administrator right registered in the table for the matched entry, and permits access from the login origin administrator terminal 102. However, in the login administration method by authentication using the shared account and the shared password, the logged-in user cannot be identified, and no log can be kept of, for example, who logged in and what operations they performed. Moreover, file access authority and program execution authority are granted uniformly to all the users who know the shared account, and administration troubles such as leakage of the administration authority and forgotten passwords may occur. In order to solve such problems, an authentication method (JP 2006-178897) which uses a shared account and user fingerprint information when granting file access authority or program execution authority can be utilized as a conceivable login administration method.
However, in such a conventional login administration method, when a network administrator is to log in to a plurality of devices present on a network to perform required administration processes, for example, maintenance, the plurality of network devices serving as login targets have to be checked, and a login operation has to be performed for each one of the network devices; thus, there is a problem that login to the plurality of network devices takes labor and time. More specifically, in the login administration method using the shared account and the user fingerprint information, the login operations that have to be repeated are a login request operation specifying the address of a network device, an input operation of a shared password, and a fingerprint input operation using a fingerprint sensor in response to the login prompt sent from the login destination terminal; thus, the login operations take labor and time. Moreover, in the fingerprint input operation using the fingerprint sensor, if, for example, the sensor is stained, the fingerprint information cannot be read and reproduced correctly, authentication fails because the input does not match the registered fingerprint information in an authentication table, and the fingerprint input has to be repeated.
Furthermore, when the number of authentication failures in fingerprint matching exceeds a predetermined threshold value, the attempt is sometimes determined to be an unauthorized login and login is locked. Thus, there is a problem that considerable labor and time are taken when login to a large number of network devices is to be performed at the same time.
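The two conventional login methods described above can be modelled as follows; this is an added example, not code from the patent or from JP 2006-178897. The account name, password, enrolled users, template strings and threshold value are constructed assumptions, and string equality stands in for a real fingerprint matcher.

```python
import hmac

SHARED = ("netadmin", "shared-pass")  # constructed shared account and password
LOCK_THRESHOLD = 3                    # assumed; the text says only "predetermined"

class Terminal:
    def __init__(self, name, enrolled):
        self.name, self.enrolled = name, enrolled  # enrolled: user -> template
        self.failures, self.locked, self.audit = 0, False, []

    def _pair_ok(self, account, password):
        return (hmac.compare_digest(account.encode(), SHARED[0].encode())
                and hmac.compare_digest(password.encode(), SHARED[1].encode()))

    def login_shared(self, account, password):
        """Conventional login: the shared pair is the only identity presented."""
        ok = self._pair_ok(account, password)
        self.audit.append((self.name, account, ok))  # nothing names the person
        return ok

    def login_fingerprint(self, account, password, scan):
        """Shared account plus fingerprint; equality stands in for a real matcher."""
        if self.locked or not self._pair_ok(account, password):
            return None
        user = next((u for u, t in self.enrolled.items() if t == scan), None)
        if user is None:
            self.failures += 1
            self.locked = self.failures > LOCK_THRESHOLD  # "exceeds" the threshold
        else:
            self.failures = 0
        self.audit.append((self.name, account, user))
        return user

def login_round(terminals, scans):
    """Log in to each terminal in turn; scans[name] is that sensor's read sequence."""
    steps, users = 0, {}
    for t in terminals:
        steps += 2  # login request and shared-password entry
        for scan in scans[t.name]:
            steps += 1  # one fingerprint input
            users[t.name] = t.login_fingerprint(*SHARED, scan)
            if users[t.name]:
                break
    return steps, users

ENROLLED = {"alice": "tmpl-A", "bob": "tmpl-B"}  # constructed templates
```

With shared credentials alone, two administrators leave identical audit entries; with the fingerprint step the entries name the user, but the operator step count grows with every terminal and every failed sensor read.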